CN102136938B - Method and device for providing user information for carried grade network address translation (CGN) equipment - Google Patents


Info

Publication number
CN102136938B
Authority
CN
China
Prior art keywords
user
equipment
user profile
cgn
profile
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201010612284.1A
Other languages
Chinese (zh)
Other versions
CN102136938A (en)
Inventor
钱国锋
李冠峰
郭大勇
王淑香
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huawei Technologies Co Ltd
Original Assignee
Huawei Technologies Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huawei Technologies Co Ltd filed Critical Huawei Technologies Co Ltd
Priority to CN201010612284.1A priority Critical patent/CN102136938B/en
Publication of CN102136938A publication Critical patent/CN102136938A/en
Priority to PCT/CN2011/084179 priority patent/WO2012089039A1/en
Priority to EP11852650.8A priority patent/EP2637356A4/en
Application granted granted Critical
Publication of CN102136938B publication Critical patent/CN102136938B/en
Priority to US13/926,450 priority patent/US20130290561A1/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1403 Architecture for metering, charging or billing
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/02 Details
    • H04L12/14 Charging, metering or billing arrangements for data wireline or wireless communications
    • H04L12/1425 Charging, metering or billing arrangements for data wireline or wireless communications involving dedicated fields in the data packet for billing purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/28 Data switching networks characterised by path configuration, e.g. LAN [Local Area Networks] or WAN [Wide Area Networks]
    • H04L12/2854 Wide area networks, e.g. public data networks
    • H04L12/2856 Access arrangements, e.g. Internet access
    • H04L12/2869 Operational details of access network equipments
    • H04L12/287 Remote access server, e.g. BRAS
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08 Configuration management of networks or network elements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/09 Mapping addresses
    • H04L61/25 Mapping addresses of the same type
    • H04L61/2503 Translation of Internet protocol [IP] addresses
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00 Network arrangements, protocols or services for addressing or naming
    • H04L61/45 Network directories; Name-to-address mapping
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04M TELEPHONIC COMMUNICATION
    • H04M15/00 Arrangements for metering, time-control or time indication; Metering, charging or billing arrangements for voice wireline or wireless communications, e.g. VoIP
    • H04M15/67 Transmitting arrangements for sending billing related information

Abstract

The embodiment of the invention discloses a method for providing user information to carrier-grade network address translation (CGN) equipment, and also discloses a remote authentication dial in user service (RADIUS) server and broadband remote access server (BRAS) equipment, which are used to provide the user information to the CGN equipment so that the CGN equipment can perform user-based network management. The method comprises: the RADIUS server receives an accounting-request of a user from the BRAS equipment, where the accounting-request carries the user information of the user, and the user information comprises a user identifier and the management information of the user; and the RADIUS server transmits the user information to the CGN equipment, so that the CGN equipment can perform network management on the user according to the user information.

Description

Method and device for providing user information to CGN equipment
Technical field
The present invention relates to the field of communications technology, and in particular to a method and device for providing user information to CGN equipment.
Background
Carrier-grade network address translation (CGN, Carrier Grade NAT) equipment is deployed in carrier networks. By integrating multiple transition mechanisms, including tunneling and network address translation (NAT, Network Address Translation), it smooths the transition between Internet Protocol version 4 (IPv4) and Internet Protocol version 6 (IPv6) and advances the evolution process.
Broadband remote access server (BRAS, Broadband Remote Access Server) equipment is a new type of access gateway for broadband network applications. It sits at the edge layer of the backbone network and provides data access for users' broadband networks. BRAS equipment mainly performs two kinds of function. The first is the network bearer function: for example, terminating the Point-to-Point Protocol over Ethernet (PPPoE) connections of user terminals, sending the user's domain name and password to a Remote Authentication Dial In User Service (RADIUS) server for authentication, and aggregating the traffic of user terminals. The second is the control function: working with the authentication system, the accounting system, the customer management system and the service policy control system to implement authentication, accounting and management of user terminal access.
In the prior art, CGN equipment and BRAS equipment are completely independent and cannot exchange information. Information such as the user name, password and user domain is stored on the BRAS equipment, and the CGN equipment has none of it. Because the CGN equipment is the endpoint of the Dual-Stack Lite (DS-Lite) tunnel, it can identify a user only by IPv6 address. In practice, however, a user's IPv6 address is generally assigned randomly, and nothing about the user can be learned from the address itself. The CGN equipment can therefore perform only simple management based on information such as virtual local area network (VLAN) and IP address, and cannot perform user-based network management.
Summary of the invention
The embodiments of the present invention provide a method and device for providing user information to CGN equipment, so that the CGN equipment can perform user-based network management.
One method provided by the embodiments of the present invention for providing user information to CGN equipment comprises:
a RADIUS server receives a user's accounting start request sent by BRAS equipment, where the accounting start request carries the user's user information, and the user information comprises a user identifier and the user's management information;
the RADIUS server sends the user information to the CGN equipment, so that the CGN equipment can perform network management according to the user information.
Another method provided by the embodiments of the present invention for providing user information to CGN equipment comprises:
BRAS equipment receives a user's access-accept message sent by a RADIUS server;
the BRAS equipment sends the user information of that user, which is stored on the BRAS equipment, to the CGN equipment, so that the CGN equipment can perform network management according to the user information, where the user information comprises a user identifier and the user's management information.
As can be seen from the above technical solutions, in one solution provided by the embodiments of the present invention, the RADIUS server receives a user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information, and the RADIUS server then sends the user information to the CGN equipment. Because the accounting start request received by the RADIUS server carries the user's user information, the RADIUS server can send it to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to that user information.
In the other solution provided by the embodiments of the present invention, after the BRAS equipment receives a user's access-accept message sent by the RADIUS server, the BRAS equipment sends that user's user information to the CGN equipment. From the access-accept message the BRAS equipment can identify which user's information needs to be sent, and it then sends the user information of that user, which it stores itself, to the CGN equipment. After receiving the user information, the CGN equipment can perform network management on the user according to it.
Description of drawings
To describe the technical solutions in the embodiments of the present invention more clearly, the drawings used in the description of the embodiments are briefly introduced below. The drawings described below show only some embodiments of the present invention, and those skilled in the art can derive other drawings from them.
Fig. 1 is a schematic flowchart of a method for providing user information to CGN equipment according to embodiment one of the present invention;
Fig. 2 is a schematic flowchart of a method for providing user information to CGN equipment according to embodiment two of the present invention;
Fig. 3 is a schematic diagram of the RADIUS message format according to embodiment two of the present invention;
Fig. 4 is a schematic diagram of a RADIUS server according to embodiment three of the present invention;
Fig. 5 is a schematic flowchart of a method for providing user information to CGN equipment according to embodiment four of the present invention;
Fig. 6 is a schematic flowchart of a method for providing user information to CGN equipment according to embodiment five of the present invention;
Fig. 7 is a schematic diagram of BRAS equipment according to embodiment six of the present invention.
Detailed description of the embodiments
The embodiments of the present invention provide a method and device for providing user information to CGN equipment, so that the CGN equipment can perform user-based network management.
To make the objectives, features and advantages of the present invention clearer and easier to understand, the technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings. The embodiments described below are only some of the embodiments of the present invention, not all of them.
Embodiment one
One embodiment of the method of the present invention for providing user information to CGN equipment may comprise: a RADIUS server receives a user's accounting start request sent by BRAS equipment, where the accounting start request carries that user's user information; and the RADIUS server sends the user information to the CGN equipment.
Referring to Fig. 1, the specific steps may comprise:
101. The RADIUS server receives the user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information.
In this embodiment, after the user enters a user name and password, the BRAS equipment uses them to send an access request (access-request) to the RADIUS server. The RADIUS server checks the user information against the users database. If authentication succeeds, the RADIUS server sends an access-accept message (access-accept) to the BRAS equipment, indicating that the user has access rights. The BRAS equipment then admits the user according to the authentication result it received and sends an accounting start request (accounting-request) to the RADIUS server, so the RADIUS server receives the user's accounting start request sent by the BRAS equipment. The accounting start request carries the user's user information. In this embodiment, the user information is the information the CGN equipment needs in order to perform user-based network management, and comprises a user identifier and the user's management information. The user identifier is the information, visible in the various messages, that distinguishes one user from another, and may comprise one or more of the following: user name, user password, user type, IP address, user media access control (MAC, Media Access Control) address, user location information, and other user-specific identifiers. The management information may comprise one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
In the prior art, the CGN equipment holds no user information and cannot perform user-based network management. As the endpoint of the DS-Lite tunnel, the CGN equipment can identify a user only by IPv6 address. In practice, however, a user's IPv6 address is generally assigned randomly, and nothing about the user can be learned from the address itself. The CGN equipment can therefore perform only simple management based on information such as VLAN and IP address, and cannot perform user-based network management.
102. The RADIUS server sends the user information to the CGN equipment, so that the CGN equipment can perform network management on the user according to the user information.
After the RADIUS server receives the user's accounting start request sent by the BRAS equipment, it can obtain the user's user information from that request, because the request carries it. The RADIUS server then sends the user information to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to the user information. The user information includes the user's management information, which defines the specific content and manner of the network management the CGN equipment is to perform. In a specific implementation it can be specified by the user or determined by the mobile operator.
According to the user information, the CGN equipment may perform the following network management:
1. User management: including user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
2. NAT management: including the user's public network address planning, the user's number of public network sessions, the user's public network address lease period, the user's public network traffic bandwidth control, the user's NAT application layer gateway (ALG, Application Layer Gateways) configuration, the sending period of the user's NAT logs, and the user's NAT reliability deployment.
Therefore, in this embodiment, the RADIUS server receives the user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information, and the RADIUS server then sends the user information to the CGN equipment. Because the accounting start request received by the RADIUS server carries the user's user information, the RADIUS server can send it to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to that user information.
Embodiment two
To make the technical solution of the embodiments of the present invention easier to understand, it is described below in more detail using a more specific example.
Referring to Fig. 2, the specific steps may comprise:
201. The RADIUS server receives the user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information.
In this embodiment, after the user enters a user name and password, the BRAS equipment uses them to send an access request to the RADIUS server. The RADIUS server checks the user information against the users database. If authentication succeeds, the RADIUS server sends an access-accept message to the BRAS equipment, indicating that the user has access rights. The BRAS equipment then admits the user according to the authentication result it received and sends an accounting start request to the RADIUS server, so the RADIUS server receives the user's accounting start request sent by the BRAS equipment. The accounting start request carries the user's user information. In this embodiment, the user information is the information the CGN equipment needs in order to perform user-based network management, and comprises a user identifier and the user's management information. The user identifier is the information, visible in the various messages, that distinguishes one user from another. In practice it may comprise one or more of the following: user name, user password, user type, IP address, user MAC address, user location information, and other user-specific identifiers. The management information may comprise one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment. Note that the content of the user's management information varies with the application scenario; the items above are only examples and are not limiting.
202. The RADIUS server sends a change-of-authorization request message to the CGN equipment, so that the CGN equipment can perform network management on the user according to the user information, where the change-of-authorization request message carries that user's user information.
After the RADIUS server receives the user's accounting start request sent by the BRAS equipment, it can obtain the user's user information from that request, because the request carries it. The RADIUS server then sends a change-of-authorization request (CoA, Change of Authorization) message to the CGN equipment, and that message carries the user's user information. In practice, the RADIUS server can use an existing RADIUS message. Fig. 3 shows the RADIUS message format. Within the RADIUS message, the message whose Code field has the value 43 can be used, as follows:
Code = 43 - CoA-Request [RFC2882]. Specifically, a new attribute can be defined for this message to carry the user's user information, or to carry the user's user identifier and a policy template, where the policy template contains the specific service parameters of the relevant service template used when the CGN equipment performs service management. Note that, in practice, the user's user information can also be sent to the CGN equipment in other ways, for example by extending a new protocol interface.
After receiving the change-of-authorization request message, the CGN equipment can obtain the user's user information from it and perform network management on the user accordingly. The user information includes the user's management information, which defines the specific content and manner of the network management the CGN equipment is to perform. In a specific implementation it can be specified by the user or determined by the mobile operator. The network management performed by the CGN equipment comprises:
1. User management: including user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
2. NAT management: including the user's public network address planning, the user's number of public network sessions, the user's public network address lease period, the user's public network traffic bandwidth control, the user's NAT ALG configuration, the sending period of the user's NAT logs, and the user's NAT reliability deployment.
Therefore, in this embodiment, the RADIUS server receives the user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information, and the RADIUS server then sends the CGN equipment a change-of-authorization request message that carries the user's user information. Because the accounting start request received by the RADIUS server carries the user's user information, the RADIUS server can send that information to the CGN equipment in the change-of-authorization request message, and after obtaining it the CGN equipment can perform network management on the user according to that user information.
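The CoA-Request (Code 43) exchange of embodiment two can be sketched as follows. This is an added example, not code from the patent: it assumes the "new attribute" is encoded as a Vendor-Specific attribute under the documentation enterprise number 32473 with hypothetical sub-attribute numbers, and it has the CGN side check the Request Authenticator (computed as RFC 5176 specifies for CoA-Request) before accepting any per-user policy.

```python
import hashlib
import hmac
import struct

COA_REQUEST = 43       # Code value the text names for CoA-Request
USER_NAME = 1          # standard RADIUS User-Name attribute
VENDOR_SPECIFIC = 26   # standard RADIUS Vendor-Specific attribute
EXAMPLE_PEN = 32473    # enterprise number reserved for documentation (RFC 5612)
# Hypothetical sub-attribute numbers standing in for the "new attribute".
SUB_POLICY_TEMPLATE, SUB_BANDWIDTH_KBPS, SUB_MAX_SESSIONS = 1, 2, 3
MAX_PACKET = 4096      # RADIUS maximum packet length


def _attr(attr_type, value):
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def _vsa(sub_type, value):
    sub = struct.pack("!BB", sub_type, len(value) + 2) + value
    return _attr(VENDOR_SPECIFIC, struct.pack("!I", EXAMPLE_PEN) + sub)


def _authenticator(code, ident, length, attrs, secret):
    # MD5(Code + Identifier + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, length)
    return hashlib.md5(header + bytes(16) + attrs + secret).digest()


def build_coa_request(ident, user_name, policy, bandwidth_kbps, max_sessions, secret):
    """RADIUS server side: pack the user identifier and management information."""
    attrs = (
        _attr(USER_NAME, user_name.encode())
        + _vsa(SUB_POLICY_TEMPLATE, policy.encode())
        + _vsa(SUB_BANDWIDTH_KBPS, struct.pack("!I", bandwidth_kbps))
        + _vsa(SUB_MAX_SESSIONS, struct.pack("!I", max_sessions))
    )
    length = 20 + len(attrs)
    auth = _authenticator(COA_REQUEST, ident, length, attrs, secret)
    return struct.pack("!BBH", COA_REQUEST, ident, length) + auth + attrs


def cgn_handle_coa(packet, secret):
    """CGN side: authenticate the packet, then extract the user information."""
    if len(packet) < 20 or len(packet) > MAX_PACKET:
        raise ValueError("packet size out of range")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != COA_REQUEST or length != len(packet):
        raise ValueError("not a well-formed CoA-Request")
    attrs = packet[20:]
    expected = _authenticator(code, ident, length, attrs, secret)
    # Constant-time comparison; reject before parsing any attribute.
    if not hmac.compare_digest(expected, packet[4:20]):
        raise PermissionError("bad Request Authenticator")
    profile = {}
    pos = 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_len < 2 or pos + a_len > len(attrs):
            raise ValueError("bad attribute length")
        value = attrs[pos + 2:pos + a_len]
        pos += a_len
        if a_type == USER_NAME:
            profile["user_name"] = value.decode()
        elif a_type == VENDOR_SPECIFIC and len(value) >= 6:
            pen, sub_type, sub_len = struct.unpack("!IBB", value[:6])
            body = value[6:]
            if pen != EXAMPLE_PEN or sub_len != len(body) + 2:
                continue  # ignore other vendors and malformed sub-attributes
            if sub_type == SUB_POLICY_TEMPLATE:
                profile["policy"] = body.decode()
            elif sub_type == SUB_BANDWIDTH_KBPS and len(body) == 4:
                profile["bandwidth_kbps"] = struct.unpack("!I", body)[0]
            elif sub_type == SUB_MAX_SESSIONS and len(body) == 4:
                profile["max_sessions"] = struct.unpack("!I", body)[0]
    if "user_name" not in profile:
        raise ValueError("CoA-Request without a user identifier")
    return profile


if __name__ == "__main__":
    secret = b"constructed-shared-secret"  # constructed sample value
    pkt = build_coa_request(7, "alice@example.net", "gold", 20000, 512, secret)
    print(cgn_handle_coa(pkt, secret))
```

Because the CoA-Request changes a subscriber's bandwidth and NAT limits on the CGN, the receiver should also restrict which source addresses may send it; the authenticator check alone depends entirely on the strength of the shared secret.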
To better implement the technical solutions of the above embodiments, the embodiments of the present invention also provide related apparatus for implementing them, as described below.
Embodiment three
Referring to Fig. 4, the RADIUS server 400 provided by this embodiment may comprise an accounting start request receiving unit 401 and a user information sending unit 402.
The accounting start request receiving unit 401 is configured to receive a user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information, and the user information comprises a user identifier and the user's management information.
In practice, once the user has been authenticated, the BRAS equipment admits the user according to the authentication result it received and sends an accounting start request to the RADIUS server, and the accounting start request receiving unit 401 receives the user's accounting start request sent by the BRAS equipment. The accounting start request carries the user's user information. In this embodiment, the user information is the information the CGN equipment needs in order to perform user-based network management, and comprises a user identifier and the user's management information. The user identifier is the information, visible in the various messages, that distinguishes one user from another. In practice it may comprise one or more of the following: user name, user password, user type, IP address, user MAC address, user location information, and other user-specific identifiers. The management information may comprise one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
The user information sending unit 402 is configured to send the user's user information to the CGN equipment, so that the CGN equipment can perform network management on the user according to the user information.
After the accounting start request receiving unit 401 receives the user's accounting start request sent by the BRAS equipment, the RADIUS server can obtain the user's user information from that request, because the request carries it. The user information sending unit 402 then sends the user information to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to the user information. The user information includes the user's management information, which defines the specific content and manner of the network management the CGN equipment is to perform. In a specific implementation it can be specified by the user or determined by the mobile operator.
In one application scenario, the user information sending unit 402 sends the user's user information to the CGN equipment by sending the CGN equipment a change-of-authorization request message that carries the user's user information. Fig. 3 shows the RADIUS message format. Within the RADIUS message, the message whose Code field has the value 43 can be used, as follows:
Code = 43 - CoA-Request [RFC2882]. Specifically, a new attribute can be defined for this message to carry the user's user information, or to carry the user's user identifier and a policy template, where the policy template contains the specific service parameters of the relevant service template used when the CGN equipment performs service management. Note that, in practice, the user's user information can also be sent to the CGN equipment in other ways, for example by extending a new protocol interface.
Therefore, in this embodiment, the accounting start request receiving unit 401 receives the user's accounting start request sent by the BRAS equipment, where the accounting start request carries that user's user information, and the user information sending unit 402 then sends the user information to the CGN equipment. Because the accounting start request received by the accounting start request receiving unit 401 carries the user's user information, the user information sending unit 402 can send it to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to that user information.
Embodiment four
One embodiment of the method of the present invention for providing user information to CGN equipment may comprise: BRAS equipment receives a user's access-accept message sent by a RADIUS server; and the BRAS equipment sends that user's user information to the CGN equipment.
Referring to Fig. 5, the specific steps may comprise:
501. The BRAS equipment receives the user's access-accept message sent by the RADIUS server.
In this embodiment, after the user enters a user name and password, the BRAS equipment uses them to send an access request to the RADIUS server. The RADIUS server checks the user information against the users database. If authentication succeeds, the RADIUS server sends an access-accept message to the BRAS equipment. If the BRAS equipment receives the user's access-accept message sent by the RADIUS server, the user has access rights, and the BRAS equipment admits the user according to the authentication result it received.
502. The BRAS equipment sends the user information of that user, which is stored on the BRAS equipment, to the CGN equipment, so that the CGN equipment can perform network management on the user according to the user information.
After the BRAS equipment receives the user's access-accept message sent by the RADIUS server, it sends that user's user information to the CGN equipment, and after receiving it the CGN equipment can perform network management on the user according to the user information. The user information is stored on the BRAS equipment. Once the BRAS equipment has received a user's access-accept message, it knows which user's information should be sent to the CGN equipment so that the CGN equipment can perform network management on that user. The user information comprises a user identifier and the user's management information. The user identifier is the information, visible in the various messages, that distinguishes one user from another. In practice it may comprise one or more of the following: user name, user password, user type, IP address, user MAC address, user location information, and other user-specific identifiers. The management information may comprise one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
After receiving the user's accounting start request, the CGN equipment may perform the following network management according to the user information:
1. User management: including user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, and user IP address assignment.
2. NAT management: including the user's public network address planning, the user's number of public network sessions, the user's public network address lease period, the user's public network traffic bandwidth control, the user's NAT ALG configuration, the sending period of the user's NAT logs, and the user's NAT reliability deployment.
Therefore, in this embodiment, after the BRAS equipment receives the user's access-accept message sent by the RADIUS server, the BRAS equipment sends that user's user information to the CGN equipment. From the access-accept message the BRAS equipment can identify which user's information needs to be sent, and it then sends the user information of that user, which it stores itself, to the CGN equipment. After receiving the user information, the CGN equipment can perform network management on the user according to it.
Embodiment five
To make the technical solution of the embodiments of the present invention easier to understand, it is described below in more detail using a more specific example.
Referring to Fig. 6, the specific steps may include:
601. The BRAS device receives the user's access-accept response message sent by the RADIUS server.
In this embodiment of the present invention, after the user enters a user name and password, the BRAS device sends an access request message to the RADIUS server based on the user name and password obtained. The RADIUS server analyzes this user information together with the user database information. If authentication succeeds, the RADIUS server sends an access-accept response message to the BRAS device. When the BRAS device receives the user's access-accept response message sent by the RADIUS server, this indicates that the user has access rights, and the BRAS device admits the user according to the authentication result received.
602. When the BRAS device sends the user's accounting start request message to the RADIUS server, it copies the user's accounting start request message to the CGN device; the accounting start request message carries the user's user information.
After the BRAS device receives the user's access-accept response message sent by the RADIUS server, and when the BRAS device sends the user's accounting start request message to the RADIUS server, it copies that accounting start request message to the CGN device. Because the accounting start request message carries the user's user information, the CGN device can obtain the user information and then perform network management on the user according to it. The user information is stored on the BRAS device; once the BRAS device has received the user's access-accept response message, it can determine which user's information is to be sent to the CGN device, so that the CGN device can perform network management on that user. The user information comprises a user identifier and the user's management information. The user identifier is the information visible in the various messages that is used to distinguish different users; in practice it may include one or more of the following: user name, user password, user type, IP address, the user's MAC address, user location information, other user-specific identifiers, etc. The management information may include one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment, etc. It should be noted that the contents of the user's management information vary with the actual application scenario; the items above are only examples and are not limiting.
In a specific practical application, the BRAS device can use the existing RADIUS message when constructing the accounting start request message. Fig. 3 shows the RADIUS message format; in a RADIUS message, the message whose Code field has the value 4 can be used, as follows:
Code = 4: Accounting-Request [RFC2882]. A new attribute can be added to this message to carry the user's user information, or to carry the user's user identifier and a policy template, where the policy template contains the specific service parameters of the relevant service templates that the CGN device uses for service management. It should be noted that, in practice, the user's user information can also be sent to the CGN device in other ways, for example by adding a new protocol interface.
After receiving the user's accounting start request message, the CGN device can specifically perform the following network management according to the user information:
1. User management: including user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment, etc.;
2. NAT management: including the user's public network address planning, the user's number of public network sessions, the user's public network address lease time, the user's public network traffic bandwidth control, the user's NAT ALG configuration, the sending cycle of the user's NAT logs, the user's NAT reliability deployment, etc.
Therefore, in this embodiment of the present invention, after the BRAS device receives the user's access-accept response message sent by the RADIUS server, the BRAS device sends the user's user information to the CGN device. On receiving the access-accept response message, the BRAS device can identify from it which user's information needs to be sent; the BRAS device then sends the user information it has stored for that user to the CGN device, so that the CGN device, after receiving the user information, can perform network management on the user according to it.
To better implement the technical solutions of the above embodiments of the present invention, related apparatus for implementing those technical solutions is also provided below.
Embodiment six
Referring to Fig. 7, the BRAS device 700 provided in embodiment six of the present invention comprises an access-accept response message receiving unit 701 and a user information sending unit 702.
The access-accept response message receiving unit 701 is configured to receive the user's access-accept response message sent by the RADIUS server.
In this embodiment of the present invention, the RADIUS server analyzes the user's user information together with the user database information. If authentication succeeds, the RADIUS server sends an access-accept response message to the access-accept response message receiving unit 701. Receipt by the unit 701 of the user's access-accept response message sent by the RADIUS server indicates that the user has access rights and can be admitted.
The user information sending unit 702 is configured to send the user's user information to the CGN device, so that the CGN device can perform network management on the user according to that user information.
After the access-accept response message receiving unit 701 receives the user's access-accept response message sent by the RADIUS server, the user information sending unit 702 sends the user's user information stored on the BRAS device 700 to the CGN device, so that the CGN device can perform network management on the user according to it. The user information comprises a user identifier and the user's management information. The user identifier is the information visible in the various messages that is used to distinguish different users; in practice it may include one or more of the following: user name, user password, user type, IP address, the user's MAC address, user location information, other user-specific identifiers, etc. The management information may include one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment, etc. It should be noted that the contents of the user's management information vary with the actual application scenario; the items above are only examples and are not limiting.
In one application scenario, the user information sending unit 702 sends the user's user information to the CGN device as follows: when sending the user's accounting start request message to the RADIUS server, it copies the user's accounting start request message to the CGN device, the accounting start request message carrying the user's user information. Fig. 3 shows the RADIUS message format; in a RADIUS message, the message whose Code field has the value 4 can be used, as follows:
Code = 4: Accounting-Request [RFC2882]. A new attribute can be added to this message to carry the user's user information, or to carry the user's user identifier and a policy template, where the policy template contains the specific service parameters of the relevant service templates that the CGN device uses for service management. It should be noted that, in practice, the user's user information can also be sent to the CGN device in other ways, for example by adding a new protocol interface.
After receiving the user's accounting start request message, the CGN device can specifically perform the following network management according to the user information:
1. User management: including user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment, etc.;
2. NAT management: including the user's public network address planning, the user's number of public network sessions, the user's public network address lease time, the user's public network traffic bandwidth control, the user's NAT ALG configuration, the sending cycle of the user's NAT logs, the user's NAT reliability deployment, etc.
Therefore, in this embodiment of the present invention, after the access-accept response message receiving unit 701 receives the user's access-accept response message sent by the RADIUS server, the user information sending unit 702 sends the user's user information to the CGN device. On receipt of the access-accept response message by the unit 701, the BRAS device can identify from it which user's information needs to be sent; the user information sending unit 702 then sends the user information stored on the BRAS device for that user to the CGN device, so that the CGN device, after receiving the user information, can perform network management on the user according to it.
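An added example (not code from the patent or from any vendor): the copied Accounting-Request of embodiments five and six, built on the BRAS side and checked on the CGN side, which verifies the RFC 2866 Request Authenticator before it accepts any user information from the copy. The patent only says that a new attribute is added; carrying it as Vendor-Specific sub-attributes, the sub-type numbers, the documentation enterprise number 32473, the function names and all sample values are assumptions.

```python
import hashlib
import hmac
import struct

ACCOUNTING_REQUEST = 4      # the Code value the text names
USER_NAME, FRAMED_IP, VENDOR_SPECIFIC, ACCT_STATUS_TYPE = 1, 8, 26, 40
ACCT_START = 1
VENDOR_ID = 32473           # documentation enterprise number (RFC 5612)
# Assumed sub-attribute numbering; the patent defines no layout.
SUB_TEMPLATE, SUB_KBPS, SUB_SESSIONS = 1, 2, 3

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def _vsa(sub_type, value):
    return _attr(VENDOR_SPECIFIC, struct.pack("!I", VENDOR_ID) + _attr(sub_type, value))

def _authenticator(code, ident, attrs, secret):
    # RFC 2866: MD5(Code + Id + Length + 16 zero octets + attributes + secret)
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + b"\x00" * 16 + attrs + secret).digest()

def build_accounting_start(ident, secret, user, ip, template, kbps, sessions):
    """BRAS side: Accounting-Request (Start) carrying the user information."""
    attrs = b"".join([
        _attr(ACCT_STATUS_TYPE, struct.pack("!I", ACCT_START)),
        _attr(USER_NAME, user.encode()),
        _attr(FRAMED_IP, bytes(int(octet) for octet in ip.split("."))),
        _vsa(SUB_TEMPLATE, template.encode()),
        _vsa(SUB_KBPS, struct.pack("!I", kbps)),
        _vsa(SUB_SESSIONS, struct.pack("!I", sessions)),
    ])
    header = struct.pack("!BBH", ACCOUNTING_REQUEST, ident, 20 + len(attrs))
    return header + _authenticator(ACCOUNTING_REQUEST, ident, attrs, secret) + attrs

def _read_vsa(value, info):
    if len(value) < 6 or struct.unpack("!I", value[:4])[0] != VENDOR_ID:
        return                              # another vendor's attribute: ignore
    sub_type, sub_len = value[4], value[5]
    if sub_len < 2 or 4 + sub_len > len(value):
        raise ValueError("bad sub-attribute length")
    data = value[6:4 + sub_len]
    if sub_type == SUB_TEMPLATE:
        info["template"] = data.decode()
    elif sub_type in (SUB_KBPS, SUB_SESSIONS) and len(data) == 4:
        key = "kbps" if sub_type == SUB_KBPS else "sessions"
        info[key] = struct.unpack("!I", data)[0]

def parse_on_cgn(packet, secret):
    """CGN side: authenticate the copied request, then extract the user information."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCOUNTING_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    attrs = packet[20:length]
    if not hmac.compare_digest(_authenticator(code, ident, attrs, secret), packet[4:20]):
        raise ValueError("bad Request Authenticator")   # forged or altered copy
    info, pos = {}, 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("bad attribute length")
        a_type, value = attrs[pos], attrs[pos + 2:pos + attrs[pos + 1]]
        pos += attrs[pos + 1]
        if a_type == USER_NAME:
            info["user"] = value.decode()
        elif a_type == FRAMED_IP and len(value) == 4:
            info["ip"] = ".".join(str(b) for b in value)
        elif a_type == ACCT_STATUS_TYPE and len(value) == 4:
            info["start"] = struct.unpack("!I", value)[0] == ACCT_START
        elif a_type == VENDOR_SPECIFIC:
            _read_vsa(value, info)
    return info

SECRET = b"constructed-shared-secret"      # constructed sample values
PACKET = build_accounting_start(7, SECRET, "alice@example", "10.0.0.5",
                                "cgn-basic", 20000, 512)
```

The CGN device in this sketch needs its own shared secret with the BRAS device, because the authenticator is computed over the secret and a copy cannot be checked without it.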
A person of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium may include ROM, RAM, a magnetic disk, an optical disc, etc.
The method and device for providing user information to a CGN device provided by the embodiments of the present invention have been described in detail above. Specific examples are used herein to explain the principles and implementations of the present invention, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. Meanwhile, a person skilled in the art may, following the idea of the present invention, make changes to the specific implementations and the scope of application. In summary, the content of this description should not be construed as limiting the present invention.

Claims (8)

1. A method for providing user information to a carrier-grade network address translation (CGN) device, characterized by comprising:
a Remote Authentication Dial-In User Service (RADIUS) server receiving a user's accounting start request message sent by a broadband remote access server (BRAS) device, the accounting start request message carrying the user's user information, the user information comprising a user identifier and the user's management information;
the RADIUS server sending the user information to the CGN device, so that the CGN device can perform network management on the user according to the user information; wherein the RADIUS server sending the user information to the CGN device is specifically: the RADIUS server sends a change-of-authorization request message to the CGN device, the change-of-authorization request message carrying the user's user information.
2. The method for providing user information to a CGN device according to claim 1, characterized in that the user identifier comprises one or more of the following: user name, user password, user type, the user's Internet Protocol (IP) address, the user's media access control (MAC) address, user location information.
3. The method for providing user information to a CGN device according to claim 1, characterized in that the user's management information comprises one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment.
4. A method for providing user information to a carrier-grade network address translation (CGN) device, characterized by comprising:
a broadband remote access server (BRAS) device receiving a user's access-accept response message sent by a Remote Authentication Dial-In User Service (RADIUS) server;
the BRAS device sending the user's user information stored on the BRAS device to the CGN device, specifically: when the BRAS device sends the user's accounting start request message to the RADIUS server, it copies the user's accounting start request message to the CGN device, the accounting start request message carrying the user's user information; so that the CGN device can perform network management on the user according to the user information, the user information comprising a user identifier and the user's management information.
5. The method for providing user information to a CGN device according to claim 4, characterized in that the user identifier comprises one or more of the following: user name, user password, user type, the user's Internet Protocol (IP) address, the user's media access control (MAC) address, user location information.
6. The method for providing user information to a CGN device according to claim 4, characterized in that the user's management information comprises one or more of the following: user bandwidth, user access rights, user priority, user online duration, user traffic, user reliability deployment, user IP address assignment.
7. A Remote Authentication Dial-In User Service (RADIUS) server, characterized by comprising:
an accounting start request message receiving unit, configured to receive a user's accounting start request message sent by a broadband remote access server (BRAS) device, the accounting start request message carrying the user's user information, the user information comprising a user identifier and the user's management information;
a user information sending unit, configured to send the user information to a carrier-grade network address translation (CGN) device, specifically: sending a change-of-authorization request message to the CGN device, the change-of-authorization request message carrying the user's user information; so that the CGN device can perform network management on the user according to the user information.
8. A broadband remote access server (BRAS) device, characterized by comprising:
an access-accept response message receiving unit, configured to receive a user's access-accept response message sent by a Remote Authentication Dial-In User Service (RADIUS) server;
a user information sending unit, configured to send the user's user information stored on the BRAS device to a carrier-grade network address translation (CGN) device, specifically: when sending the user's accounting start request message to the RADIUS server, copying the user's accounting start request message to the CGN device, the accounting start request message carrying the user's user information; so that the CGN device can perform network management on the user according to the user information, the user information comprising a user identifier and the user's management information.

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201010612284.1A CN102136938B (en) 2010-12-29 2010-12-29 Method and device for providing user information for carried grade network address translation (CGN) equipment
PCT/CN2011/084179 WO2012089039A1 (en) 2010-12-29 2011-12-19 Method and device for providing user information to carried grade network address translation cgn apparatus
EP11852650.8A EP2637356A4 (en) 2010-12-29 2011-12-19 Method and device for providing user information to carried grade network address translation cgn apparatus
US13/926,450 US20130290561A1 (en) 2010-12-29 2013-06-25 Method and device for providing user information to cgn device

Publications (2)

Publication Number Publication Date
CN102136938A CN102136938A (en) 2011-07-27
CN102136938B true CN102136938B (en) 2013-03-20

Family

ID=44296599

Country Status (4)

Country Link
US (1) US20130290561A1 (en)
EP (1) EP2637356A4 (en)
CN (1) CN102136938B (en)
WO (1) WO2012089039A1 (en)

Also Published As

Publication number Publication date
WO2012089039A1 (en) 2012-07-05
CN102136938A (en) 2011-07-27
EP2637356A1 (en) 2013-09-11
EP2637356A4 (en) 2013-09-11
US20130290561A1 (en) 2013-10-31

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant